Author: Jason Davies

NewsSecurity Vulnerabilities

Apache Tomcat – CVE-2021-25329 Incomplete fix for CVE-2020-9484 (RCE via session persistence)

The fix for CVE-2020-9484 was incomplete. When using a highly unlikely configuration edge case, the Tomcat instance was still vulnerable

Read More
NewsSecurity News

BitRAT RAT delivered by APOMacroSploit Malware Builder

The BitRAT Remote Access Trojan (RAT) has been observed recently being delivered by APOMacroSploit, a macro exploit generator that can

Read More
NewsSecurity Vulnerabilities

Microsoft Releases Out-of-Band Security Updates for Exchange Server

Microsoft has issued several security updates for Microsoft Exchange Server to address vulnerabilities that have been used in limited targeted attacks.  Due to the critical nature of these

Read More
NewsSecurity Vulnerabilities

Cisco ACI Multi-Site Orchestrator Application Services Engine Deployment Authentication Bypass Vulnerability [CVE-2021-1388]

CVE number = CVE-2021-1388 A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services

Read More
NewsSecurity Vulnerabilities

Cisco Application Services Engine Unauthorized Access Vulnerabilities [CVE-2021-1393 & CVE-2021-1396]

CVE numbers = CVE-2021-1393 & CVE-2021-1396 Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain

Read More
NewsSecurity Vulnerabilities

Cisco NX-OS Software Unauthenticated Arbitrary File Actions Vulnerability [CVE-2021-1361]

CVE number = CVE-2021-1361 A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switches

Read More
NewsSecurity News

Windows Kernel Zero-Day Exploit Used By Bitter APT in Targeted Attack

DBAPPSecurity identified a zero-day exploit present in targeted Bitter APT attacks. They discovered the in-the-wild sample in December 2020 and

Read More
NewsSecurity News

IronNetInjector Malware

Palo Alto have published a blog post analyzing IronNetInjector, a new malware loading tool attributed to Turla. IronNetInjector is composed

Read More
Spam List

Spam from starsupial.eu e-mail addresses

We are receiving lots of reports of spam e-mails that appear to come from the starsupial.eu domain name. The spam

Read More
NewsSecurity Vulnerabilities

vSphere Replication updates address a command injection vulnerability (CVE-2021-21976)

vSphere Replication contains a post-authentication command injection vulnerability in “Startup Configuration” page. VMware has evaluated this issue to be ‘Important’ severity with

Read More